Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Financial Institutions Are Suffering From Increasingly Sophisticated Cyberattacks, According to Contrast Security

DARKReading
Open in Source
#vulnerability#web#microsoft#git#intel#vmware#aws#auth#ibm#zero_day#ssl
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware

Florida hospital takes entire IT systems offline after 'ransomware attack'

Categories: News Categories: Ransomware Tags: Tallahassee Memorial Tags: TMH Tags: Mark O’Bryant Tags: Max Henderson Tags: Atlantic General Hospital Tags: ransomware Tags: healthcare ransomware attack Tallahassee Memorial in Florida has reportedly been hit by a ransomware attack. (Read more...) The post Florida hospital takes entire IT systems offline after 'ransomware attack' appeared first on Malwarebytes Labs.

CVE-2021-36226: Another 0-Day Looms for Many Western Digital Users

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

BlueHat 2023: Connecting the security research community with Microsoft

We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and Microsoft security professionals, come together as peers to connect, share, learn, and exchange ideas in the interest of creating a safer and more secure world for all.

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is a case of remote code injection that requires access to the administrative console of the application

Discrepancies Discovered in Vulnerability Severity Ratings

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

CVE-2023-23074: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.

CVE-2023-23073: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.

CVE-2023-23077: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.